Application Serial No. 10/783,637 



Docket No. 200311424-1 



THE UNITED STATES PATENT AND TRADEMARK OFFICE 
BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES 



In re Application of 








Inventor: Wenxiao HE 


Confirmation No. 7335 






U.S. Patent Application No. 10/783,637 


: Group Art Unit: 2617 






Filed: February 20, 2004 


Examiner: Erika A. Gary 






For: METHOD AND APPARATUS FOR REGISTERING A MOBILE NODE WITH 
A HOME AGENT 



Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450 

Attn: BOARD OF PATENT APPEALS AND INTERFERENCES 



BRIEF ON APPEAL 

This brief is in furtherance of the Notice of Appeal, filed in this case on October 
26, 2007. 

The fees required under § 1.17(f) and any required petition for extension of time 
for filing this brief and fees therefore, are dealt with in the accompanying 
TRANSMITTAL OF APPEAL BRIEF. 



Page 1 of 34 



Application Serial No. 10/783,637 



Docket No. 200311424-1 



TABLE OF CONTENTS 



I. Real Party in Interest 3 

II. Related Appeals and Interferences 3 

III. Status of Claims 3 

IV. Status of Amendments 3 

V. Summary of Claimed Subject Matter 4 

VI. Grounds of Rejection to be Reviewed on Appeal 9 

VII. Argument 10 

VIII. Conclusion 21 

IX. Claims Appendix 22 

X. Related Proceedings Appendix 34 



Page 2 of 34 



Application Serial No. 10/783,637 



Docket No. 200311424-1 



I. Real Party in Interest 

The real party in interest is Hewlett-Packard Development Company, L.P., a 
Texas limited partnership. 

II. Related Appeals and Interferences 

There are no other appeals or interferences that will directly affect, or be directly 
affected by, or have a bearing on the Board's decision in this appeal. 

III. Status of Claims 

A. Total Number of Claims in Application 

There is a total of 40 claims in the application, which are identified as claims 1- 

40. 

B. Status of all the Claims 

Claims 1-40 are pending. 

Claims 1-40 are rejected. 

C. Claims on Appeal 

Claims on appeal are claims 1-40. 

IV. Status of Amendments 

There are no outstanding un-entered amendments before the Examiner. 
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V. Summary of Claimed Subject Matter 

The present invention relates generally to a method and apparatus for 
registering a mobile node with a home agent. 
Claim 1 

Independent claim 1 recites a method for registering a mobile node with a home 
agent comprising: 

determining a home agent (Instant specification in at least paragraphs 11, 13, 
14, 19, 20, 24, and 35 and FIG. 1, element 5, FIG. 4, FIG. 5, element 240, FIG. 8, 
element 420, FIG. 9, element 420); 

establishing between the mobile node and the determined home agent a 
security tunnel having associated with said tunnel a single security association (Instant 
specification in at least paragraphs 11, 13, 16-18, 21, 25-26, 34, 36-38, 40 and FIG. 1, 
element 10, FIG. 2, FIG. 4, element 120, FIG. 5, element 245, FIG. 8, element 425, 
FIG. 9, element 425); and 

registering the mobile node with the home agent using the security tunnel 
(Instant specification in at least paragraphs 11, 13, 19, 20, 22, 24, 30, 36 and FIG. 1, 
element 15, FIG. 3, FIG. 5, element 210, FIG. 7, element 210, FIG. 9, element 430). 

Per the Summary section of the Instant specification, "Registration occurs when 
a home agent is determined and a security tunnel having a single security association 
is established between the home agent and the mobile node. The mobile node is then 
registered [by] the mobile node using the security tunnel." 
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Claim 9 

Independent claim 9 recites a mobile node comprising: 

mobile communication interface capable of communicating with a mobile 
network (Instant specification in at least paragraphs 24, 32, 35, and FIG. 5, element 
205, FIG. 8, element 410, FIG. 9, element 410); 

home agent determination unit capable of identifying a home agent (Instant 
specification in at least paragraphs 11, 13, 14, 19, 20, 24, and 35 and FIG. 1, element 
5, FIG. 4, FIG. 5, element 240, FIG. 8, element 420, FIG. 9, element 420); security 
tunneling unit capable of establishing and maintaining a security tunnel between the 
mobile node and an identified home agent, wherein an established security tunnel 
uses a single security association descriptor for one or more data paths (Instant 
specification in at least paragraphs 11, 13, 16-18, 21, 25-26, 34, 36-38, 40 and FIG. 1, 
element 10, FIG. 2, FIG. 4, element 120, FIG. 5, element 245, FIG. 8, element 425, 
FIG. 9, element 425); and 

registration unit capable of registering the mobile node with an identified home 
agent using an established security tunnel (Instant specification in at least paragraphs 
11, 13, 19, 20, 22, 24, 30, 36 and FIG. 1, element 15, FIG. 3, FIG. 5, element 210, 
FIG. 7, element 210, FIG. 9, element 430). 

Claim 17 

Independent claim 17 recites a mobile node comprising: 

processor for executing an instruction sequence (Instant specification in at least 
paragraph 32, and FIG. 8, element 400); 
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memory for storing an instructions sequence (Instant specification in at least 
paragraph 32, and FIG. 8, element 405); 

mobile communications interface for communicating with a mobile network 
(Instant specification in at least paragraphs 24, 32, 35, and FIG. 5, element 205, FIG. 
8, element 410, FIG. 9, element 410); 

instruction sequences stored in the memory including: home agent 
determination instruction sequence that, when executed by the processor, minimally 
causes the processor to identify a home agent for the mobile node (Instant 
specification in at least paragraphs 11, 13, 14, 19, 20, 24, and 35 and FIG. 1, element 
5, FIG. 4, FIG. 5, element 240, FIG. 8, element 420, FIG. 9, element 420); 

security tunneling instruction sequence that, when executed by the processor, 
minimally causes the processor to establish a security tunnel from the mobile node to 
an identified home agent where the security tunnel uses a single security association 
descriptor to secure a plurality of data paths (Instant specification in at least 
paragraphs 11, 13, 16-18, 21, 25-26, 34, 36-38, 40 and FIG. 1, element 10, FIG. 2, 
FIG. 4, element 120, FIG. 5, element 245, FIG. 8, element 425, FIG. 9, element 425); 
and registry instruction sequence that, when executed by the processor, minimally 
causes the processor to register the mobile node with an identified home agent using 
the established security tunnel (Instant specification in at least paragraphs 11, 13, 19, 
20, 22, 24, 30, 36 and FIG. 1, element 15, FIG. 3, FIG. 5, element 210, FIG. 7, 
element 210, FIG. 9, element 430). 
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Claim 25 

Independent claim 25 recites a computer readable medium having imparted 
thereon instruction sequences for registering a mobile node with a home agent 
including (Instant specification in at least paragraph 33): 

home agent determination instruction sequence that, when executed by a 
processor, minimally causes the processor to identify a home agent for the mobile 
node (Instant specification in at least paragraphs 11, 13, 14, 19, 20, 24, and 35 and 
FIG. 1, element 5, FIG. 4, FIG. 5, element 240, FIG. 8, element 420, FIG. 9, element 
420); 

security tunneling instruction sequence that, when executed by a processor, 
minimally causes the processor to establish a security tunnel from the mobile node to 
an identified home agent where the security tunnel uses a single security association 
descriptor to secure a plurality of data paths (Instant specification in at least 
paragraphs 11, 13, 16-18, 21, 25-26, 34, 36-38, 40 and FIG. 1, element 10, FIG. 2, 
FIG. 4, element 120, FIG. 5, element 245, FIG. 8, element 425, FIG. 9, element 425); 
and 

registry instruction sequence that, when executed by a processor, minimally 
causes the processor to register the mobile node with an identified home agent 
(Instant specification in at least paragraphs 11, 13, 19, 20, 22, 24, 30, 36 and FIG. 1, 
element 15, FIG. 3, FIG. 5, element 210, FIG. 7, element 210, FIG. 9, element 430). 

Claim 33 

Independent claim 33 recites a mobile node comprising: 
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means for determining a home agent (Instant specification in at least 
paragraphs 11, 13, 14, 19, 20, 24, and 35 and FIG. 1, element 5, FIG. 4, FIG. 5, 
element 240, FIG. 8, element 420, FIG. 9, element 420); 

means for establishing a single-security-association based security tunnel 
between the mobile node and a determined home agent (Instant specification in at 
least paragraphs 11, 13, 16-18, 21, 25-26, 34, 36-38, 40 and FIG. 1, element 10, FIG. 
2, FIG. 4, element 120, FIG. 5, element 245, FIG. 8, element 425, FIG. 9, element 
425); and 

means for registering the mobile node using an established security tunnel 
(Instant specification in at least paragraphs 11, 13, 19, 20, 22, 24, 30, 36 and FIG. 1, 
element 15, FIG. 3, FIG. 5, element 210, FIG. 7, element 210, FIG. 9, element 430). 
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VI. Grounds of Rejection to be Reviewed on Appeal 

A. The issue is whether claims 1, 9, 17, 25, and 33 are unpatentable 
under 35 U.S.C 102(b) as being anticipated by Yokote (US Patent 
Application Publication 2002/0157024). 

B. The issue is whether claims 1, 9, 17, 25, and 33 are unpatentable 
under 35 USC 102(e) as being anticipated by Eschbach era/. (US Patent 
Application Publication 2003/0088765). 

C. The issue is whether claims 1 , 3-7, 9, 1 1 -1 5, 1 7, 1 9-23, 25, 27-31 , 33, 
and 35-39 are unpatentable under 35 USC 102(e) as being anticipated by 
Thubert et al. (US Patent Application Publication 2004/02021 83). 

D. The issue is whether claims 1, 2, 8-10, 16-18, 24-26, 32-34, and 4 are 
unpatentable under 35 USC 102(b) as being anticipated by Johansson et 
al. (US Patent Application Publication 2002/0080752). 
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VII. Argument 

A. Was the PTO correct in rejecting claims 1, 9, 17, 25, and 33 under 35 
U.S.C. 102(b) as being anticipated by Yokote? 

The rejection of claims 1, 9, 17, 25, and 33 under 35 USC 102(b) as being 
anticipated by Yokote is incorrect and hereby traversed. A rejection based on 35 
U.S.C. §102 requires every element of the claim to be included in the reference, either 
directly or inherently. Claim 1 is patentable over Yokote because the reference fails to 
disclose or suggest every element of claim 1 . 

Claim 1 

Yokote fails to disclose or suggest "registering the mobile node with the home 
agent using the security tunnel" as claimed in claim 1 . 

In response to Appellant's arguments submitted July 9, 2007, the PTO asserts 
that "the reference teaches that during a registration process, the home agent and 
mobile node negotiate for a security association that is used for subsequent 
communications." PTO Final Official Action (FOA) mailed August 27, 2007 at page 5, 
section 6. As set forth below, this is incorrect based on the plain language of Yokote. 
Further, the cited language does not appear to state that the subsequent 
communications comprises the registration of a mobile node with a home agent, rather 
the language states that during a registration process a security association is 
negotiated. 

Further, the PTO attempts to rely on paragraphs 49 and 54 of Yokote to 
buttress the argument; however, this is incorrect because neither paragraph states 
that registration occurs using the security tunnel. The PTO-identified portions of 
Yokote, reproduced herein for ease of reference and convenience, states as follows: 

Among various security procedures and protocols, a security association 
(SA) is fundamental to implementation of IPsec. An SA is a relationship 
between two nodes that describes security services that the nodes agree 
to use in order to communicate securely between them. Prior to the 
exchange of information between nodes, the nodes negotiate and 
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establish a the SA between the nodes. Each node, then stores that SA, 
for a discrete lifetime of the SA. 

Yokote at paragraph 49 



When a communication between nodes is first initiated, it is desirable to 
first establish an SA to ensure security in the exchange of data packets 
exchange between the nodes. When the nodes have had a prior 
communication an SA has been established and stored in the cache for 
each node. That stored SA can be re-used for future communications 
and avoid delays manifested in establishing the SA, thereby reducing 
latency in the communication between the nodes. 

Yokote at paragraph 54 
Read in context, paragraphs 49 and 54 appear to restate what a security 
association is and how the SA is established without describing that registration 
occurs using the established security tunnel. That is, paragraphs 49 and 54 appear to 
be a focused description of security associations between two nodes without 
describing the registration process. As set forth below, Yokote appears to state that 
the registration occurs prior to establishment of the security tunnel and neither 
paragraphs 49 or 54 negate the prior Yokote description. For at least this reason, 
reversal of the rejection is respectfully requested. 

With respect to Yokote at paragraph 13, the PTO asserts that Yokote describes 
registering the mobile node with the home agent using the security tunnel. This is 
incorrect. Yokote describes the mobile node as registering with the home agent prior 
to the tunnel being established. Yokote at paragraph 13. The PTO-identified portion 
of Yokote, reproduced herein for ease of reference and convenience, states as 
follows: 

IPsec is applicable in both Mobile IPv4 and Mobile IPv6 environments. 
For instance, during a registration process in Mobile IPv4 in which a 
mobile node situated away from home is registering its care-of address 
with its home agent, the home agent and the mobile node negotiate for a 
mutually agreeable SA and establish an encryption key that is to be used 
to protect subseguent communications being tunneled between them . 
Similarly, the above IPsec is implemented in the Route Optimization 
operations according to Mobile IPv6. A mobile node situated away from 
home sends a binding update to a correspondent node to notify the 
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mobile node's current point of attachment to the Internet. The mobile and 
correspondent nodes then negotiate for a mutually agreeable SA and 
determine a cryptographic key that is to be used to protect subsequent 
communications routed directly between them. Ipsec provides for the 
creation of more than one SA having different security policies, between 
two nodes. The SA's are uniquely identified by a Security Parameter 
Index (SPI), which for example may be a 32 bit integer. 

Yokote at paragraph 1 3 (emphasis added) 

The PTO-identified portion of Yokote appears to describe registration occurring 

prior to establishment of the security tunnel which is contrary to the feature claimed in 

claim 1 . That is, Yokote states that the mobile node notifies the home of the current 

point of attachment and "then negotiate for a mutually agreeable" security association." 

Plainly, Yokote describes the registration occurring prior to establishment of the 

security association and, inter alia, a security tunnel. For at least this reason, reversal 

of the rejection is respectfully requested. 

Based on at least the foregoing reasons, claim 1 is patentable over Yokote and 
reversal of the rejection is respectfully requested. 

Claims 9, 17, 25, and 33 are patentable over Yokote for at least reasons similar 
to those advanced above with respect to claim 1 and reversal of the rejection is 
respectfully requested. 
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B. Was the PTO correct in rejecting claims 1, 9, 17, 25, and 33 under 35 
U.S.C. 102(e) as being anticipated by Eschbach? 

Claim 1 

The rejection of claims 1, 9, 17, 25, and 33 under 35 USC 102(e) as being 
anticipated by Eschbach is hereby traversed. A rejection based on 35 U.S.C. §102 
requires every element of the claim to be included in the reference, either directly or 
inherently. Claim 1 is patentable over Eschbach because the reference fails to 
disclose or suggest every element of claim 1. 

At the outset, Appellant notes that the PTO has asserted a new ground of 
rejection based on Eschbach which was neither necessitated by Appellant's 
amendments nor by an information disclosure statement submitted by Appellant. 
Withdrawal of the finality of the Official Action and/or the rejection based on Eschbach 
is respectfully requested in addition to reversal of the rejection as set forth below. 

Claim 1 

The PTO attempts to rely on paragraph 30 of Eschbach for the assertion that 
the subject matter of claim 1 is anticipated by the reference. This is incorrect. 

First, Eschbach appears to describe a process for enabling session inter-device 
(SID) mobility and not registering a mobile node with a home agent as claimed. SID 
mobility, as described by Eschbach at paragraph 30, enables the transfer of a session 
from one device to another device. Paragraph 30 fails to disclose establishing a 
security tunnel between the mobile node and the home agent prior to registering the 
mobile node with the home agent. Rather, paragraph 29 explicitly states that the 
home agent "only accepts registration requests from a mobile device 12 which the 
[home agent] 18 can authenticate as originating from a legitimately relocated mobile 
device." That is, the mobile device registration occurs prior to establishment of a 
security tunnel and without using the security tunnel. For at least this reason, reversal 
of the rejection is respectfully requested. 
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Further, as described by Eschbach at paragraphs 31-33, a transferring node 
registers a target node with the agent prior to establishment of the security association 
between the agent and the target node. Eschbach states that the transfer request 
(which does not occur over an as-yet-to-be-established security tunnel between the 
agent and target node) contains "the Target Node's IP address" and security 
association information to enable subsequent establishment of a security association 
as between the Agent and the Target Node. Thus, Eschbach fails to disclose the 
claimed subject matter of claim 1. For at least this reason, reversal of the rejection is 
respectfully requested. 
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C. Was the PTO correct in rejecting claims 1 , 3-7, 9, 1 1 -1 5, 1 7, 1 9-23, 
25, 27-31, 33, and 35-39 under 35 U.S.C. 102(e) as being anticipated by 
Thubert? 

The rejection of claims 1, 3-7, 9, 11-15, 17, 19-23, 25, 27-31, 33, and 35-39 
under 35 USC 102(e) as being anticipated by Thubert is hereby traversed. A rejection 
based on 35 U.S.C. §102 requires every element of the claim to be included in the 
reference, either directly or inherently. Claim 1 is patentable over Thubert because the 
reference fails to disclose or suggest every element of claim 1 . 

Claim 1 

Thubert falls to disclose or suggest "establishing between the mobile node and 
the determined home agent a security tunnel" as claimed in claim 1 . 

In response to Appellant's arguments submitted July 9, 2007, the PTO asserts 
that "Thubert teaches that the mobile node registers via a tunnel terminated by the 
home agent." PTO Final Official Action (FOA) mailed August 27, 2007 at page 6, 
section 6. As set forth below, this is incorrect based on the plain language of Thubert. 

The PTO attempts to rely on paragraph 48 for the above assertion; however, 
this is incorrect. Presumably the PTO is attempting to rely on the sentence fragment 
which states "mobile router 12 registers via the bidirectional tunnel 15a terminated by 
the home agent (HA) 18." Thubert at paragraph 48. Again, the PTO appears to be 
reading the statement out of context. In context, paragraphs 47-56 appear to describe 
FIG. 4A which depict a "method by the mobile router 12 and the correspondent router 
13b of optimizing routing paths based on establishment of the bidirectional tunnel 
15d." Thubert at paragraph 47. That is, the registration described appears to be as 
between the mobile router and the correspondent router prior to establishment of a 
security association between the mobile and correspondent routers. Because the 
mobile router appears to have already registered and established a security 
association with the home agent, the registration communication with the 
correspondent router occurs (for at least the portion of the connectivity between the 
correspondent router and the mobile router which corresponds to the connection 
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between the mobile router and the home agent) via the established security 
association between the mobile router and the home agent. This is inapplicable 
because: (a) the registration described appears to occur as between the mobile and 
correspondent routers and not between the mobile router and the home agent; and (b) 
the registration occurs prior to establishment of the security association between the 
mobile router and the correspondent node. For at least this reason, reversal of the 
rejection is respectfully requested. 

Further, as described below, the description of Thubert appears to be 
concerned with communication between a mobile router and a correspondent node. 

The PTO asserts that Thubert describes establishing a security tunnel as 
claimed at the Abstract and paragraphs 6, 15, 39, and 48. This is incorrect. Each of 
the PTO-identified portions of Thubert appear to describe establishing a tunnel 
between a mobile router and a correspondent node and not establishing a security 
tunnel between a mobile node and a home agent. The Title of Thubert is 
"Arrangement for Establishing a Bidirectional Tunnel Between a Mobile Router and a 
Correspondent Node ." (Emphasis added) There does not appear to be a disclosure 
of establishing a security tunnel between a mobile node and a home agent, nor does 
there appear to be a disclosure of registering the mobile node with the home agent 
using the security tunnel as claimed in claim 1 . For at least this reason, reversal of the 
rejection is respectfully requested. 

Based on at least the foregoing reasons, claim 1 is patentable over Thubert and 
reversal of the rejection is respectfully requested. 

Claims 3-7 depend, either directly or indirectly, from claim 1, include further 
limitations, and are patentable over Thubert for at least the reasons advanced above 
with respect to claim 1. The rejection of claims 3-7 should be reversed. 

Claims 9, 17, 25, and 33 are patentable over Thubert for at least reasons 
similar to those advanced above with respect to claim 1 and reversal of the rejection is 
respectfully requested. 
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Claims 1 1-15, 19-23, 27-31, and 35-39 depend, either directly or indirectly, from 
claims 9, 17, 25, and 33, include further features, and are patentable over Thubertfor 
at least reasons similar to the reasons advanced above with respect to claim 1 . The 
rejection of claims 11-15, 19-23, 27-31, and 35-39 should be reversed. 
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D. Was the PTO correct in rejecting claims 1, 2, 8-10, 16-18, 24-26, 32- 
34, and 40 under 35 U.S.C. 102(e) as being anticipated by Johansson? 

The rejection of claims 1, 2, 8-10, 16-18, 24-26, 32-34, and 40 under 35 USC 
102(b) as being anticipated by Johansson is hereby traversed. A rejection based on 
35 U.S.C. §102 requires every element of the claim to be included in the reference, 
either directly or inherently. Claim 1 is patentable over Johansson because the 
reference fails to disclose or suggest every element of claim 1 . 

Claim 1 

Johansson fails to disclose or suggest "registering the mobile node with the 
home agent using the security tunnel" as claimed in claim 1 . 

In response to Appellant's arguments submitted July 9, 2007, the PTO asserts 
that "Johansson teaches the mobile sends a registration message along with tunnel 
information. Subsequently, a security association with the home agent is established 
for traffic sent back [paragraph 01 14]. Hence, the security tunnel is established before 
the registration is complete." PTO Final Official Action (FOA) mailed August 27, 2007 
at page 6, section 6 (emphasis added). As set forth below, this is incorrect based on 
the plain language of Johansson and fails to anticipate the claimed subject matter. 

The PTO appears to be asserting without any support in any of the applied 
references that registration is not complete until traffic is sent back from the home 
agent to the mobile node. Without any support for this asserted definition, reversal of 
the rejection is respectfully requested because Johansson appears to consider 
registration of the mobile node with the home agent as occurring upon transmission of 
a registration message from the mobile node to the home agent. The claim language 
states "registering the mobile node with the home agent using the security tunnel" and 
the PTO admits that the registration from the mobile node to the home agent occurs 
prior to establishment of the security tunnel, i.e., reference is made to the above 
copied quotation stating that the security association is established subsequent to the 
registration message transmission. Thus, according to Johansson and the PTO's 
admission, registration of the mobile node with the home agent occurs prior to 
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establishment of the security tunnel and Johannson fails to anticipate the claimed 
subject matter. Based on at least the foregoing, reversal of the rejection is respectfully 
requested. 

Further, the PTO asserts without support in Johansson that registration is 
completed via use of an established security tunnel. Johansson fails to so state. 
Johansson also fails to state that the security tunnel is established prior to completion 
of the registration. For at least this additional reason, reversal of the rejection is 
respectfully requested. 

Further, the PTO asserts that Johansson describes registering the mobile node 
with the home agent using the security tunnel at paragraphs 114, 126, and 138. This 
is incorrect. Johansson appears to describe the mobile node as registering with the 
home agent prior to the tunnel being established. Johansson at paragraph 114 
("sends a mobile IP 27 registration message to the selected network interface card 88" 
followed by "instructs the IPSec filter 84a via the security association database 84d to 
utilize security associations"). 

Further, Johansson appears to describe modification of mobile IP tunnel 30a 
after receipt of registration request 93, which does not appear to have traversed the 
tunnel. Johansson at paragraph 126 ("The mobile IP tunnel 30a is then modified to 
contain a UDP header 30c as well."). Paragraph 138 of Johansson appears to 
describe the transmission of "registration request 93 towards the home agent 1" 
without disclosing that transmission of the registration occurs using the security tunnel. 
Further still, paragraphs 139-141 of Johansson appear to describe the communication 
of registration information between a mobile node and its home agent without the use 
of a security tunnel. For at least this reason, reversal of the rejection is respectfully 
requested. 

The PTO-identified portion of Johansson appears to describe registration 
occurring prior to establishment of the security tunnel which is contrary to the feature 
claimed in claim 1 . For at least this reason, reversal of the rejection is respectfully 
requested. 
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Based on at least the foregoing reasons, claim 1 is patentable over Johansson 
and reversal of the rejection is respectfully requested. 

Claim 2 depends, either directly or indirectly, from claim 1, include further 
limitations, and are patentable over Johansson for at least the reasons advanced 
above with respect to claim 1 . The rejection of claim 2 should be reversed. 

Claims 9, 17, 25, and 33 are patentable over Johansson for at least reasons 
similar to those advanced above with respect to claim 1 and reversal of the rejection is 
respectfully requested. 

Claims 8, 10, 16, 18, 24, 26, 32, 34, and 40 depend, either directly or indirectly, 
from claims 9, 17, 25, and 33, include further features, and are patentable over 
Johansson for at least reasons similar to the reasons advanced above with respect to 
claim 1. The rejection of claims 8, 10, 16, 18, 24, 26, 32, 34, and 40 should be 
reversed. 
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VIII. Conclusion 

Each of the PTO's rejections has been traversed. Appellant respectfully 
submits that all claims on appeal are considered patentable over the applied art of 
record. Accordingly, reversal of the PTO's Final Rejection is believed appropriate and 
courteously solicited. 

If for any reason this Appeal Brief is found to be incomplete, or if at any time it 
appears that a telephone conference with counsel would help advance prosecution, 
please telephone the undersigned, Appellant's attorney of record. 

To the extent necessary, a petition for an extension of time under 37 C.F.R. 
1.136 is hereby made. Please charge any shortage in fees due in connection with the 
filing of this paper, including extension of time fees, to Deposit Account 08-2025 and 
please credit any excess fees to such deposit account. 

Reversal of the rejection is in order. 
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IX. Claims Appendix 

1 . A method for registering a mobile node with a home agent comprising: 
determining a home agent; 

establishing between the mobile node and the determined home agent a 
security tunnel having associated with said tunnel a single security association; and 
registering the mobile node with the home agent using the security tunnel. 

2. The method of claim 1 wherein establishing a security tunnel comprises: 
creating a security policy database for at least one of a binding update 

message, a return routability message, prefix discovery message and payload data 
packet; and 

associating two or more security policy databases with a security tunnel using a 
single security association. 

3. The method of claim 1 wherein registering the mobile node with the home agent 
comprises: 

dispatching a binding update request to the home agent using the security 
tunnel; and 

receiving a binding update acknowledgement by way of a reverse path security 

tunnel. 
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4. The method of claim 1 further comprising discovering an applicable prefix for 
the home agent using the security tunnel. 

5. The method of claim 1 further comprising conveying data to a correspondent 
node using the security tunnel. 

6. The method of claim 1 further comprising communicating a return routability 
signal to the home agent using the security tunnel. 

7. The method of claim 1 further comprising establishing a reverse path security 
tunnel having associated with said tunnel a single security association. 

8. The method of claim 7 wherein establishing a reverse path security tunnel 
comprises creating a security policy database for at least one of a binding update 
message, a return routability message, prefix discovery message and payload data 
packet; and associating one or more security policy databases with a security tunnel 
using a single security association. 

9. A mobile node comprising: 

mobile communication interface capable of communicating with a mobile 
network; 

home agent determination unit capable of identifying a home agent; security 
tunneling unit capable of establishing and maintaining a security tunnel between the 
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mobile node and an identified home agent, wherein an established security tunnel 
uses a single security association descriptor for one or more data paths; and 

registration unit capable of registering the mobile node with an identified home 
agent using an established security tunnel. 

1 0. The mobile node of claim 9 wherein the security tunnel unit comprises: 
security association descriptor capable of storing a security association; 
security policy descriptor capable of storing a security policy for at least one of a 

binding update message, a return routability message, a prefix discovery solicitation 
message and a payload data packet; 

messaging unit capable of formatting a secure message according to an 
incoming message that includes at least one of a binding update message, a return 
routability message, a prefix discovery message and a payload data packet and 
according to a security association stored in the security association descriptor and 
further capable of formatting a secure message using a security policy stored in any of 
the security policy descriptors, wherein the security policy descriptor is selected 
according to the type of the incoming message. 

1 1 . The mobile node of claim 9 wherein the registration unit comprises: 

binding request message unit that directs to the security tunneling unit a binding 
message directed to a home agent according to an indicator received from the home 
agent determination unit; and 



Page 24 of 34 



Application Serial No. 10/783,637 



Docket No. 200311424-1 



binding acknowledgement unit that receives a binding update 
acknowledgement from the security tunneling unit according to a tunneling packet 
received from the home agent using a reverse path security tunnel. 

12. The mobile node of claim 9 further comprising a prefix discovery unit capable of 
discovering an applicable prefix for the determined home agent using the established 
security tunnel. 

13. The mobile node of claim 9 further comprising a payload unit capable of 
accepting data from a client and directing it to the security tunneling unit. 

14. The mobile node of claim 9 further comprising route discovery unit capable of 
dispatching a return routability message to the security tunneling unit. 

15. The mobile node of claim 9 wherein the security tunneling unit is capable of 
establishing and maintaining a reverse path security tunnel between the mobile node 
and an identified home agent. 

16. The mobile node of claim 15 wherein the security tunneling unit comprises: 
reverse path security association descriptor capable of storing a security association; 
reverse path security policy descriptor capable of storing a security policy for at least 
one of a binding update acknowledgement message, a return routability reply 
message, a prefix discovery advertisement message and a return payload data packet 
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wherein the messaging unit is capable of unsecuring a secure tunneling message 
according to a security association stored in the reverse path security association 
descriptor and according to a security descriptor stored in at least one of the reverse 
path security policy descriptors wherein the reverse path security policy descriptor is 
selected according to the type of secure tunneling message received. 

17. A mobile node comprising: 

processor for executing an instruction sequence; 
memory for storing an instructions sequence; 

mobile communications interface for communicating with a mobile network; 

instruction sequences stored in the memory including: home agent 
determination instruction sequence that, when executed by the processor, minimally 
causes the processor to identify a home agent for the mobile node; 

security tunneling instruction sequence that, when executed by the processor, 
minimally causes the processor to establish a security tunnel from the mobile node to 
an identified home agent where the security tunnel uses a single security association 
descriptor to secure a plurality of data paths; and registry instruction sequence that, 
when executed by the processor, minimally causes the processor to register the 
mobile node with an identified home agent using the established security tunnel. 

18. The mobile node of claim 17 wherein the security tunneling instruction 
sequence causes the processor to establish a security tunnel by minimally causing the 
processor to create a single security association that can be used by a plurality of data 
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paths, including, but not limited to data paths for a binding update message, a return 
routability message, a prefix discovery message and a payload data packet. 

19. The mobile node of claim 17 wherein the registry instruction sequence causes 
the processor to register the mobile node by minimally causing the processor to 
dispatch a binding update request to an identified home agent using a security tunnel 
established by the processor when it executes the security tunneling instruction 
sequence. 

20. The mobile node of claim 17 further comprising a prefix discovery instruction 
sequence that, when executed by the processor, minimally causes the processor to 
discover a prefix for an identified home agent using a security tunnel established by 
the processor when it executes the security tunneling instruction sequence. 

21 . The mobile node of claim 17 further comprising a payload instruction sequence 
that, when executed by the processor, minimally causes the processor to direct a 
payload data packet to an identified home agent using a security tunnel established by 
the processor when it executes the security tunneling instruction sequence. 

22. The mobile node of claim 17 further comprising a return path verification 
instruction sequence that, when executed by the processor, minimally causes the 
processor to direct a return routability message to an identified home agent using a 
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security tunnel established by the processor when it executes the security tunneling 
instruction sequence. 

23. The mobile node of claim 17 wherein the security tunneling instruction 
sequence further minimally causes the processor to establish a reverse path security 
tunnel capable of carrying a plurality of data paths using a single security association. 

24. The mobile node of claim 23 wherein the security tunneling instruction 
sequence, when executed by the processor, minimally causes the processor to 
establish a reverse path security tunnel by: creating a security policy database for at 
least one of a binding update message, a return routability message, prefix discovery 
message and payload data packet; and associating one or more security policy 
databases with a reverse path security tunnel using a single security association. 

25. A computer readable medium having imparted thereon instruction sequences 
for registering a mobile node with a home agent including: 

home agent determination instruction sequence that, when executed by a 
processor, minimally causes the processor to identify a home agent for the mobile 
node; 

security tunneling instruction sequence that, when executed by a processor, 
minimally causes the processor to establish a security tunnel from the mobile node to 
an identified home agent where the security tunnel uses a single security association 
descriptor to secure a plurality of data paths; and 
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registry instruction sequence that, when executed by a processor, minimally 
causes the processor to register the mobile node with an identified home agent. 

26. The computer readable medium of claim 25 wherein the security tunneling 
instruction sequence causes a processor to establish a security tunnel by minimally 
causing the processor to create a single security association that can be used by a 
plurality of data paths, including, but not limited to data paths for a binding update 
message, a return routability message, a prefix discovery message and a payload 
data packet. 

27. The computer readable medium of claim 25 wherein the registry instruction 
sequence causes the processor to register the mobile node by minimally causing the 
processor to dispatch a binding update request to an identified home agent using a 
security tunnel established by the processor when it executes the security tunneling 
instruction sequence. 

28. The computer readable medium of claim 25 further comprising a prefix 
discovery instruction sequence that, when executed by the processor, minimally 
causes the processor to discover prefix for an identified home agent using a security 
tunnel established by the processor when it executes the security tunneling instruction 
sequence. 



Page 29 of 34 



Application Serial No. 10/783,637 



Docket No. 200311424-1 



29. The computer readable medium of claim 25 further comprising a payload 
instruction sequence that, when executed by the processor, minimally causes the 
processor to direct a payload data packet to an identified home agent using a security 
tunnel established by the processor when it executes the security tunneling instruction 
sequence. 

30. The computer readable medium of claim 25 further comprising a return path 
verification instruction sequence that, when executed by the processor, minimally 
causes the processor to direct a return routability message to an identified home agent 
using a security tunnel established by the processor when it executes the security 
tunneling instruction sequence. 

31. The computer readable medium of claim 25 wherein the security tunneling 
instruction sequence further minimally causes the processor to establish a reverse 
path security tunnel capable of carrying a plurality of data paths using a single security 
association. 

32. The computer readable medium of claim 31 wherein the security tunneling 
instruction sequence, when executed by the processor, minimally causes the 
processor to establish a reverse path security tunnel by: creating a security policy 
database for at least one of a binding update message, a return routability message, 
prefix discovery message and payload data packet; and associating one or more 
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security policy databases with a reverse path security tunnel using a single security 
association. 

33. A mobile node comprising: means for determining a home agent; means for 
establishing a single-security-association based security tunnel between the mobile 
node and a determined home agent; and means for registering the mobile node using 
an established security tunnel. 

34. The apparatus of claim 33 wherein the means for establishing a single-security 
association based security tunnel comprises means for associating a plurality of 
security policy databases with a single security association. 

35. The apparatus of claim 33 wherein the means for registering the mobile node 
comprises: means for dispatching a binding update message to an identified home 
agent using an established security tunnel; and means for receiving a binding update 
acknowledgement by way of a reverse path security tunnel. 

36. The apparatus of claim 33 further comprising a means for discovering an 
applicable prefix for the home agent using an established security tunnel. 

37. The apparatus of claim 33 further comprising a means for conveying data to a 
correspondent node using an established security tunnel. 
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38. The apparatus of claim 33 further comprising a means for communicating a 
return routability signal to a determined home agent using an established security 
tunnel. 

39. The apparatus of claim 33 further comprising a means for establishing a 
reverse path single-security-association based security tunnel. 

40. The apparatus of claim 39 wherein the means for establishing a reverse path 
security tunnel comprises means for associating a plurality of security policy 
databases with a single security association. 



Page 32 of 34 



Application Serial No. 10/783,637 

X. Evidence Appendix 

None. 



Docket No. 200311424-1 



Page 33 of 34 



Application Serial No. 10/783,637 

XI. Related Proceedings Appendix 

None. 



Docket No. 200311424-1 



Page 34 of 34 



